Guidelines are based on scientific sources.
| Name | Guidelines for successful authentication |
| Sources | (De Angeli et al., 2005) |
| Synonyms | None |
| Context | Graphical authentication mechanisms for user interfaces |
| Item 1 | Authentication mechanisms must be selected according to system, task and user requirements. a) “Maximise usability whenever security is not paramount; otherwise make sure to educate the user to comply with the security policy .” b) “Security is a multi-facet concept, whose basic aspects are guessability, observability and recordability (see Section 3.1). The relative importance of each of these dimensions varies according to task requirements and need to be established in advance as a fundamental system requirement.” c) “Usability is a multi-facet concept, whose basic aspects are effectiveness, efficiency and user satisfaction (International Standard Organization (ISO), 1997). The relative importance of each of these dimensions varies according to task and user requirements and need to be established in advance as a fundamental system requirement.” |
| Item 2 | Concrete, nameable, and distinctive colour images are easier to remember; thus, they tend to improve all aspects of usability but they decrease security (recordability)." “Test your image set with real users whenever possible, or use a visual database similar to those tested and reported in the literature.” |
| Item 3 | Control the visual configuration of the challenge set by a) “displaying distractors from different semantic categories from those in the challenge set (to increase usability);” b) “displaying visually dissimilar distractors from those in the challenge set (to increase usability); and” c) “using as many categories as possible so that distractors can be drawn from a wide set of possibilities (to increase security)” |
| Item 4 | System-allocated codes “have a positive effect on security (reducing predictability) but they may affect usability (being more difficult to remember).” |
| Item 5 | Keys displayed in fixed locations at each authentication attempt “increase usability but decrease security (observability).” [Principle] Consistent Controls and Placement |
| Item 6 | Portfolio-based solutions “increase usability (effectiveness) and affect security, increasing guessability but decreasing observability, as a new challenge set is presented at each authentication attempt.” |
| Examples | None |
| Related Guidelines | Designing Graphical Authentication Mechanism Interfaces Graphical Passwords on Smartphones Password Guidance: Simplifying Your Approach |
| Tags | authentication, graphical authentication |
| Log history | [01/18/2019]: Added to repository |
De Angeli, A., Coventry, L., Johnson, G., Renaud, K., 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63, 128–152. doi:https://doi.org/10.1016/j.ijhcs.2005.04.020
International Standard Organization (ISO), 1997. ISO 9241: Ergonomics requirements for office work with visual displayterminal (vdt) — parts 1–17.